Hello All,
OpenSSL version : OpenSSL 0.9.7j-fips-dev
Platform : HPUX
I built OpenSSL by enabling the fips option and did a gmake test.
The following test cases fail:

1. trsa
=======
# sh ./trsa
rsa
testing rsa conversions
p -> d
writing RSA key
p -> p
writing RSA key
d -> d
writing RSA key
p -> d
writing RSA key
d -> p
writing RSA key
p -> p
writing RSA key
fff.p f.p differ: char 12, line 1
Reason:
Reading the sample key file testrsa.pem in fips mode produces a different
result.
# cat testrsa.pem
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
# openssl rsa -in testrsa.pem
writing RSA key
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
Solution:
I generated a new RSA key in FIPS mode and it worked.
# export OPENSSL_FIPS=1
# openssl genrsa -out testrsa.pem

2. testss
=========
# sh testss
digest.c(150): OpenSSL internal error, assertion failed: Digest update
previous FIPS forbidden algorithm error ignored
Reason:
The default digest algorithm in the sample configuration files P1ss.cnf, P2ss.cnf
and Uss.cnf is md5, which is forbidden in FIPS mode.
Solution:
Changing it to sha1 works.
Thanks,
Prakash
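
An added example, not part of the original post or of the OpenSSL test suite: a shell check for the second failure, listing default_md settings that name a non-approved digest before a configuration file is used in FIPS mode. The helper name find_forbidden_md, the sample file and the digests other than md5 are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post): report default_md settings that
# name a digest outside the FIPS-approved set. md5 is the case from the post;
# md2, md4, mdc2 and ripemd160 are added here as further non-approved digests.
# find_forbidden_md is a hypothetical helper name, not an OpenSSL command.
# Prints "file:line:[section] default_md = value"; returns 1 if any was found.
find_forbidden_md() {
    awk '
        FNR == 1 { section = "default" }          # keys before any [section]
        {
            line = $0
            sub(/#.*$/, "", line)                   # strip comments
            gsub(/^[ \t]+|[ \t]+$/, "", line)       # trim surrounding blanks
            if (line ~ /^\[.*\]$/) {                # section header
                section = line
                sub(/^\[[ \t]*/, "", section)
                sub(/[ \t]*\]$/, "", section)
                next
            }
            eq = index(line, "=")
            if (eq == 0) next
            key = substr(line, 1, eq - 1)
            val = tolower(substr(line, eq + 1))
            gsub(/[ \t]/, "", key)
            gsub(/[ \t]/, "", val)
            if (key == "default_md" && val ~ /^(md2|md4|md5|mdc2|ripemd160)$/) {
                printf "%s:%d:[%s] %s = %s\n", FILENAME, FNR, section, key, val
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$@"
}

# Constructed sample input modelled on a test request config; not a real file.
demo_dir=$(mktemp -d)
cat > "$demo_dir/sample.cnf" <<'EOF'
# default_md = md5   (commented out, must be ignored)
[ req ]
default_bits = 512
default_md   = MD5   # forbidden in FIPS mode
[ ca_default ]
default_md = sha1
EOF
find_forbidden_md "$demo_dir/sample.cnf" || echo "fix the settings listed above"
rm -rf "$demo_dir"
```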